How to disable Flash in Microsoft Edge (Windows 10)

In Windows 10 you don’t need to install Flash Player separately as you did in previous Windows versions or in browsers like IE/Chrome/Firefox. Flash Player is now integrated with Microsoft Edge, the replacement for Internet Explorer.

Recently a new (yes, yet another one) vulnerability has been discovered in Adobe Flash Player. To update it you can’t go directly to the Adobe website; instead it is updated through Windows Update.

To allow or block Flash in Edge, follow these steps:

Click the button “…” on the upper right corner of Microsoft Edge

Click on View Advanced Settings

Look for “Use Adobe Player” and click on it to change from On to Off

Remember: Flash is buggy software. Update it but try to keep it disabled unless you really need it (in most cases you won’t!).

Let’s face it, we hate to type unnecessary stuff, so if our browser can fill out information for us we’re on board!

Autofill is the feature that automatically completes form data with information you have previously entered.

However handy this might seem, it presents a huge privacy and security risk. The information that is saved in your browser – names, addresses, passwords… even credit card numbers – can be stolen through shady scammers’ websites and in other ways. You can read more about it here: Autofill flaw lets scammers steal credit card information

The safest option is always to type the information. If you use a password manager like LastPass or KeePass, copy and paste the information instead of using an autofill feature or plugin.

Disabling Autofill and Saving Passwords features in Chrome

Go to the Settings Menu Option

Click on the 3 dots button to view the menu

Click on Settings

Go to the bottom of the Settings page and click on Show advanced settings…

Go to the section Passwords and forms and remove the checkmark on the following options. This will disable both the autofill option and the save passwords option.

How to re-enable confirmation warnings before deleting an email or emptying the Trash folder in Mozilla Thunderbird

I tend to delete emails from Thunderbird using SHIFT+DEL out of habit when I’m sure I don’t want that message any more, but recently I accidentally ticked the check-box that tells Thunderbird not to ask me if I’m sure I want to delete such message(s).

Although safer, I didn’t want to delete messages then empty the trash. For whatever reason I wanted to return to the past behavior. In case this has happened to you, here are the steps to get the warning back:

Go to the Tools Menu

Click on Options

Click on Advanced

The picture below shows the Options-Advanced window. In the lower right you’ll see the “Config Editor” button. Click on it.

You will receive a fair warning like this. Click on I’ll be careful, I promise!

Now you’re in the configuration section. The value I want to change here is:

mail.warn_on_shift_delete from false to true. To change the value, just double click on the line.

If you want to re-enable the confirmation for emptying the Trash folder, the value you should modify is:

Enable password encryption and create usernames and passwords

The service password-encryption allows for ahem.. the encryption of every password (enable, username passwords) on the device. Issue it if you haven’t before (you probably have, though). Also create the users who can access your device and with which privileges. In this example the user database is local.

Restricting vty lines to use only ssh (don’t allow telnet)

In configuration mode allow only incoming ssh connections with the command transport input ssh (by default lines don’t allow any connections), and indicate the authentication is taking place against the local database (the users you created before).

If you want to add a bit of extra security, you can create a list of IP addresses which are allowed to connect via ssh to the Cisco device.

The following example creates the standard access list 1 to permit traffic from the subnet 10.10.10.0 with logging enabled. A deny statement is implicit in the ACL so technically the second access-list line is not needed unless you want to log unauthorized connection attempts (Always check who’s trying to connect to your server!).

Block IP addresses after a certain number of failed attempts (optional)

Also, if you want to deter the casual attacker you can block their IP addresses for a period of time with the command login block-for; this will prevent brute-force attacks against the device.

The example below blocks for 1 hour (3600 seconds) an IP address with 5 failed login attempts within 50 seconds. Important: Choose carefully the proper times for your environment. If you select a very low fail-attempt-threshold like 2 failed login attempts within 60 seconds then you might be blocking yourself if you accidentally type a wrong password 2 times in 1 minute.

switch(config)# login block-for 3600 attempts 5 within 50

That’s it. You should be able to connect to your device via your favorite SSH client.

Flash is phasing out. Every day fewer websites run with Flash since they have replaced it with HTML5 and other formats. Why? Among other things Flash is VERY insecure. For example, there are a lot of flash ads that right now are being injected with malicious code in order to infect everybody visiting certain sites with those ads. You don’t have to click on anything, you don’t have to download a file, you’ll be infected just by getting there.

If you don’t use flash it’s best to disable it, but if you need it from time to time (certain websites and devices still only use Flash), set your browser to “Ask First” and update to the latest Adobe Flash Player Version https://get.adobe.com/es/flashplayer/.

Disabling Flash in Chrome

The easiest and fastest way to do it is typing on the location bar:

chrome://settings/content

Figure 1. Content Settings

Or if you want the long and click-y version, click on the upper right menu and click on Settings.

On the window that will appear go to the bottom and click on Advanced. More options will appear including “Content Settings”

Click on that option; it will show the same information as in Figure 1 above.

You’ll see an option for Flash, click on it.

If you want Chrome to ask before running Flash make sure your setup looks like the picture below. This picture shows that Chrome is allowing sites to run Flash but also to ask before running it on a website.

The next time a website is trying to use flash a dialog similar to this will appear:

If you want to completely disable Flash, turn off Allow sites to run Flash by clicking on the blue button. The text will now change to Block sites from running Flash.

This window also has the option to block and allow flash per website, either manually or if you selected “Ask First” it will remember your choice of Allow/Block for individual sites.

That’s it!

Disabling Flash in Firefox

Click on the menu symbol on the upper right corner and click on add-ons or on the location bar type about:addons

On the left side menu, click on Plugins.

Search for Shockwave Flash or Shockwave for Director (annoyingly, this was the previous name for the Flash plugin).

Here you can choose “Ask to Activate”, which in essence makes Firefox ask before activating Flash in case a site needs it. (See Figure below.) Nowadays, this would be rare, since most Flash on the Internet is in ads, not actual content, and even sites that use Flash have an alternate version without it. So you can disable Flash for good by selecting Never Activate. You will see something like this on a web page which only uses Flash.

Final Notes

My personal recommendation is to disable Flash since these vulnerabilities are recurrent.

Have you ever had a rogue user trying to spam the world (on purpose or just because he caught a bad bug), a temporary problem with your carrier, or users who endlessly type hotmal, gmal, hotmial, instead of… you get the idea? Then you’ve probably experienced having an email queue so long you can’t see the end of it, one that would take hours to process.

You can see how many messages are in the queue by issuing exim -bpc and see the queue itself with exim -bpu.

In order to accelerate the queue delivery, we can give Exim a hand.

Deleting all Frozen messages

Frozen messages are just bounce messages, that is, notifications that a certain message delivery failed.

Those messages are stuck and going nowhere (**) so let’s just delete them.

You have two options:

exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm

Basically, we examine the queue, look for the word frozen, get the message ID and pass that ID to exim to delete it. Or, even better, run this to get the same result without affecting emails that include the word frozen somewhere in the email:

exiqgrep -z -i | xargs exim -Mrm

Now, if you don’t want to type that much, just create a script to do it. For example:

#!/bin/bash
exiqgrep -z -i | xargs exim -Mrm

Call it removefrozen.sh or whatever you want; place it in an appropriate path and just call the script every time you need it without the hassle.

Additionally, you might want to modify these lines in the exim configuration file:

To expedite the process of elimination of such bounces. Now let’s get rid of other messages.

(**) Frozen messages should be investigated to prevent them.

Deleting old messages

Messages that have been in the queue for a while, let’s say 1 day or 2 days are unlikely to be delivered. (*) Sometimes the remote mailbox is full, or the domain is non-existent and the message would be attempted to be delivered for as long as it is configured in the exim “configure” file; usually 4 days.

You can lower that value directly in the configuration file, but if you want to keep the default values and just delete old messages at your command you can run exiqgrep and delete messages based on a certain time.

Now, this is something I don’t recommend doing, because you can prevent legitimate mail from being delivered, but if you have no option, the following example command deletes all messages which have been in the queue for more than 1 day (in seconds).

exiqgrep -o 86400 -i | xargs exim -Mrm

Again, you can add the command to a simple script for easier access.

Deleting messages to non-existent domains

Now, there’s no way for exim to know if a domain is valid or not. It only knows if the DNS lookup has failed. (*) That’s why this is a tricky one. However, typos are sometimes obvious, and if you can identify them you can delete a good amount of emails. Now remember, you should give exim some time to attempt to deliver the message so the sender is notified of the failed delivery. Otherwise, the sender would never know he tried to send a message to a wrong recipient.

Some of the super typos I’ve seen are hotmal.com, hotmial.com, homail.com, yahooo.com, etc. A few of these domains exist but they’re not the ones the sender intended. Other cases would be very particular to your users so you might be able to identify those.

So, let’s delete messages to wrong domains with a script.

#!/bin/bash
exiqgrep -r $@ -i | xargs exim -Mrm

Call it removerecipient.sh, for example, and call the script with the domain or full email address of the recipient whose messages you want to delete as a parameter. Example: sh removerecipient.sh @hotmal.com

IMPORTANT: The script above is just a basic example; it’s NOT sanitized and it will match partial strings. That is, if you intend to delete messages sent to gmal.com and you just execute removerecipient.sh gmal.com you’ll end up removing messages sent to gmal.com, agmal.com, logmal.com, etc., which may be potentially good domains.

The basic script is useful though if you want to delete thousands of emails to Russian, Korean, etc. accounts and you have no business with them whatsoever, aka malware/SPAM.

Therefore, use with caution, use the whole email address (not just the domain) and verify the option passed as parameter inside the script. Also, ensure proper permissions are in place.
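A stricter take on removerecipient.sh, added here as an example and not part of the original post: it validates the argument, escapes it and anchors the pattern so that gmal.com no longer matches agmal.com or logmal.com, and it only lists the matches unless --delete is given. The function names and the --delete switch are this example's own, and it assumes exiqgrep tests the -r argument as a regular expression against each recipient address.

```shell
#!/bin/bash
# Added example: turn a recipient argument into an anchored, escaped pattern
# for exiqgrep -r, and default to a dry run before anything is deleted.

# Escape the regex metacharacters that the validation below still lets through.
escape_regex() {
    printf '%s' "$1" | sed 's/[.+]/\\&/g'
}

# Accepts "user@domain", "@domain" or "domain"; prints the pattern or fails.
build_recipient_regex() {
    local local_part domain
    case $1 in
        *@*) local_part=${1%@*}; domain=${1##*@} ;;
        *)   local_part=; domain=$1 ;;
    esac
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;  # empty, odd chars, stray dots
        *.*) ;;                                      # at least one dot required
        *) return 1 ;;
    esac
    case $local_part in
        *[!A-Za-z0-9._%+-]*) return 1 ;;             # also rejects a second "@"
    esac
    if [ -n "$local_part" ]; then
        printf '^%s@%s$\n' "$(escape_regex "$local_part")" "$(escape_regex "$domain")"
    else
        printf '@%s$\n' "$(escape_regex "$domain")"  # "@" stops agmal.com matching
    fi
}

# Lists matching queue entries; deletes only when the second argument is --delete.
remove_recipient() {
    local regex
    regex=$(build_recipient_regex "$1") || {
        echo "refusing unsafe recipient: $1" >&2
        return 2
    }
    if [ "$2" = "--delete" ]; then
        exiqgrep -i -r "$regex" | xargs -r exim -Mrm
    else
        exiqgrep -r "$regex"
    fi
}

if [ "$#" -gt 0 ]; then
    remove_recipient "$@"
fi
```

Run it once without --delete and read the listing before running it again with the switch.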

Deleting messages from non-existent senders

Use with the same precautions as the previous option. In this case, you delete messages from a certain sender, instead of a recipient.

Call it removesender.sh, for example, and call the script with the domain or full email address of the sender whose messages you want to delete as a parameter. Example: sh removesender.sh @hotmal.com

Identifying the culprit of a spam attack

Now, all the delete commands stated above won’t stop a spam attack, they will only help in cleaning the email queue. You should identify the sender of the spam and block him. How?

First, you have to identify one of the spam messages and grab its ID.

See the queue: exim -bpu

Identify a suspicious email, let’s say with ID 1ZCB3s-0007lp-N6 and check its body and its headers.

Checking the body (to verify your suspicion is correct)

exim -Mvb <message-id>
Example: exim -Mvb 1ZCB3s-0007lp-N6

If you see something like viagra promotions, malicious links, etc., you have a winner. Now, let’s check the headers:

exim -Mvh <message-id>
Example: exim -Mvh 1ZCB3s-0007lp-N6

I recommend using less afterwards to see the very first lines:

exim -Mvh 1ZCB3s-0007lp-N6 | less

Now look for the line starting with -auth_id. There you should see the username used to authenticate that email as valid to your email server. Don’t trust the sender you see in the queue because that’s just the envelope. For example, you can see in the queue an email from remote@invalid.com with auth_id local@valid.com.

Once you have the address used to authenticate the spam, block it from your email server (suspend the account and/or change the password), warn the legitimate user, and adjust your spam filters accordingly. Also, you can block in your firewall the sender origin IP indicated in the line starting with -host_address, i.e. the spammer’s IP address.
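The same check applied to the whole queue instead of one message, as an added example that is not part of the original post: it reads the -auth_id and -host_address lines from each exim -Mvh dump and ranks the authenticated accounts by how many queued messages they submitted. The function names and the --queue switch are this example's own, the header dump is constructed from the values used above, and the -host_address value is printed exactly as stored.

```shell
#!/bin/bash
# Added example: rank the accounts that authenticated the mail sitting in the queue.

# Reads one "exim -Mvh <message-id>" dump on stdin and prints
# "<auth_id> <host_address>", with "-" for a field the message lacks
# (for example mail that was submitted without authentication).
spool_auth_fields() {
    awk '$1 == "-auth_id"      { id = $2 }
         $1 == "-host_address" { host = $2 }
         END { if (id == "") id = "-"; if (host == "") host = "-"; print id, host }'
}

# Reads "<auth_id> <host_address>" lines and prints "count auth_id", busiest first.
rank_auth_ids() {
    awk '{ n[$1]++ } END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Walks the live queue. Assumes exiqgrep and exim are on PATH and that the
# caller is allowed to read the spool.
queue_auth_report() {
    exiqgrep -i | while read -r id; do
        exim -Mvh "$id" | spool_auth_fields
    done
}

# Constructed header dump for illustration only; the values are made up.
sample_dump() {
    cat <<'EOF'
1ZCB3s-0007lp-N6-H
mailnull 47 12
<remote@invalid.com>
1441548000 0
-host_address 203.0.113.5.40222
-auth_id local@valid.com
-received_protocol esmtpa
EOF
}

if [ "$1" = "--queue" ]; then
    queue_auth_report | rank_auth_ids
fi
```

An account that tops the ranking with an envelope sender it does not own is the one to suspend first.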

Deleting ALL messages in the queue

If for some very special reason you want to delete ALL the email queue, then just issue: